Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: caddy: caddy-2.11.3-0.1.hum1 aarch64, x86_64 caddy-2.11.3-0.1.hum1.src src...
CVE-2026-39659
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-39659
...
PT-2026-31222
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Member: from n/a through = 2.11.3...
MiracleLinux 9 : python-jinja2-2.11.3-8.el9_5 (AXSA:2025-9829:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9829:04 advisory. jinja2: Jinja sandbox breakout through attr filter selecting format method CVE-2025-27516 Tenable has extracted the preceding description block directly from...
Cockpit code injection vulnerability
Cockpit is an open-source interactive server management interface. A code injection vulnerability exists in Cockpit 2.11.3 and earlier versions, stemming from a cross-site scripting flaw caused by incorrect handling of the name/email parameters in the file /system/users/save...
CVE-2024-29802
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.11.3...
[SECURITY] [DLA 4126-2] jinja2 regression update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4126-2 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro April 30, 2025 https://wiki.debian.org/LTS -...
BIT-MLFLOW-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
Nginx Proxy Manager Security Vulnerability
Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager versions prior to 2.11.3, which stems from a vulnerability that allows authenticate...
Local File Inclusion in mlflow
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
GHSA-J46Q-5PXX-8VMW Local File Inclusion in mlflow
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
CVE-2024-2928
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
PYSEC-2024-242
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
CVE-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
CVE-2024-2928
Summary: MLflow
CVE-2024-36106
Affected product: Argo CD (GitOps for Kubernetes). Vulnerability: Authenticated users may enumerate clusters by name via error messages and, if cluster names are known, enumerate project-scoped cluster names as well. Root cause / status: Information disclosure through verbose error messages. Impa...
PT-2024-5351 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3 Argo CD versions prior to 2.10.12 Argo CD versions prior to 2.9.17 Description: The issue is related to insufficient authentication procedures when handling the "/api/v1/settings" endpoint, allowing unauthoriz...
CVE-2024-27317 Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in th...
GHSA-C57V-4VG5-CM2X Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...